from the not-a-good-thing dept

We wrote last week about an appeals court's technologically illiterate ruling that WiFi isn't a radio communication, and therefore picking up unencrypted WiFi data, even though it's broadcast for anyone to access, could be a violation of wiretapping laws. This seemed ridiculous for a variety of reasons, including the fact that part of the reasoning is that radio is supposedly mostly "auditory" (even though it's not).

If you're a security researcher in the Ninth Circuit (which covers most of the West Coast) who wants to capture unencrypted Wi-Fi packets as part of your research, you better call a lawyer first (and we can help you with that). The Wiretap Act imposes both civil and serious criminal penalties for violations and there is a real risk that researchers who intentionally capture payload data transmitted over unencrypted Wi-Fi—even if they don't read the actual communications —may be found in violation of the law. Given the concerns about over-criminalization and overcharging, prosecutors now have another felony charge in their arsenal.

There's a fairly big risk here that this interpretation of the law is going to create tremendous chilling effects on research.

Of course, there is a flip side. In theory, this might also mean that police can't scoop up WiFi signals either:

On the other hand, the decision also provides a strong argument that the feds and other law enforcement agencies that want to spy on data transmitted over unencrypted Wi-Fi will need to get a wiretap order to do so. We've seen the government use a device called a "moocherhunter" without a search warrant to read Wi-Fi signals to figure out who's connecting to a particular wireless router. This decision suggests that to the extent the government uses a device like this (or even a "stingray" to the extent it can capture Wi-Fi signals) to capture payload data —even if just to determine a person's location—they'll need a wiretap order to do so. That's good news since wiretap orders are harder to get than a search warrant.

Still we've seen courts give much greater leverage to law enforcement scooping up communications, so this benefit might not actually be real. The risk and the chilling effects to security researchers, however, is very real. Having seen how often security researchers have been threatened and/or arrested for their research, giving law enforcement another bogus thing to use against them is a huge problem.

So, very narrow risk so far only in Mike's FUD...

"If you're a security researcher in the Ninth Circuit (which covers most of the West Coast) who wants to capture unencrypted Wi-Fi packets" versus fairly obvious benefits of not every yahoo or Google invading through gadgetry that is NOT put up for public use -- gee, I see only benefits.Mike Masnick on Techdirt: "its typical approach to these things: take something totally out of context, put some hysterical and inaccurate phrasing around it, dump an attention-grabbing headline on it and send it off to the press."

Re: So, very narrow risk so far only in Mike's FUD...

Point of order: Grammer, sentence structure, and your full chain of logic would be needed if I were to even begin to take that staement seriously. Without forknowlege of how you have previously responded, I wouldn't even be able to guess what you were trying to say.

Even guessing here I really dont see how commentary on the risk posed to researchers attempting to determine, A) how effective wifi encryption is, or B) how effective a new algorithm is at acquiring wireless signal, or C) any other legitimate, necessary research into security and/or innvoation in the wireless industry has "very little risk" because somehow it brings down google?

Re: So, very narrow risk so far only in Mike's FUD...

Mike, a white background makes your website difficult to read (my eyes burn after a while). You should include the option for a dimmer more friendly color. Unfortunately my phone doesn't seem to have such an option.

Re:

translation

To translate the EFF statement:

Because we think this might actual make some forms of hacking illegal, and because we wish that all wi-fi was free and no net users could ever be held accountable for their action, we therefore bring up this incredible scare story that has little basis in fact.

Valid security researchers, working on approved target networks or against networks they create for testing would not have an issue.

People who randomly door knock servers and networks looking for problems would - as they should.

Thanks to the EFF for this horribly transparent attempt to further their own agendas.

(and my posts are STILL being held for moderation... don't you get bored of censoring people Mike?)

Re:

Because in order to first connect to a network you need to scan it, to find out the ssid, and what encryption you need to use.

It's worse than that. Every time you are in range of a network your wireless receiver is receiving every single packet all the time. It then chooses to discard the stuff based on looking at it to see the network name on each packet.

So if you carry this ruling to its logical conclusion, you're a felon every time you use WiFi in a built up area.

Another useful feature shot down in flames

Just thought of another effect of this ruling even assuming you aren't a criminal now just for using WiFi in the first place...

Most enterprise level WiFi controllers allow the detection and quashing of "rogue" WiFi signals in range, including detecting APs impersonating your own network. This often includes the ability to impersonate the rogue AP to "steal back" any clients that have attached to it. To do that of course, it has to "wire tap" the rogue.

Looks like that feature will have to be disabled, huh? Way to make corporate networks less secure.

Re: So, very narrow risk so far only in Mike's FUD...

OOTB on Techdirt: "its typical approach to these things: take something totally out of context, put some hysterical and inaccurate phrasing around it, dump an attention-grabbing headline on it and send it off to the press."

Torn Sympathies

So hard to know for which to root, Amish judge's opinion or reality. On the AJ tip, we're all at risk for running wireless networks at all, since our machines listen to everything, but, hypothetically, we now have a defense against cops who snoop sans wiretapping orders. Got 'o hope EFF, ACLU, et al. are standing in the wings, waiting to jump on the first case brought by ANY cop organization, operating in the 9th circuit's demesne, that is based on one of these newly illegal wiretaps.

Not just security researchers

I have personally used Wireshark (a common and powerful sniffer) to capture all the wifi traffic in the area, to help me choose the best wifi channel for the access point I was configuring. This is a good idea since there is some traffic you will not see just by looking at the list of nearby networks like most people do.

Every wifi network in the area was encrypted, so I did not capture any plaintext payload, and I discarded the capture when closing Wireshark. But I could not know that every wifi network in the area was encrypted until after I did the capture. Not only are there kinds of wifi networks which do not beacon normally (like some kinds of mesh network), but also if I am close to the client but far enough from the access point, the network could be invisible to me but I could see the client (the hidden node problem, with the access point being the hidden node).

That ruling is pathetic anyway. "Sophisticated hardware"? Really? Every single wireless network card I have seen on common laptops can capture wireless packets. If every average laptop user has it, calling it "sophisticated hardware" as if it was something special you had to buy is a stretch. "Fail to travel far beyond the walls of the home or office where the access point is located"? Have they ever heard of high-gain antennas? I have heard of people being able to connect to unmodified access points kilometers away by simply using a high-gain antenna on a laptop. And not all high-gain antennas are "sophisticated hardware" too; have they ever heard of the cantenna and of the wok-fi?

Re: Re:

> It then chooses to discard the stuff based on looking at it to see the network name on each packet.

Sorry for being pedantic, but most packets do not have the network name. They have up to four six-byte addresses. It chooses to discard the stuff based on the receiver address, and if the receiver address is a group address (broadcast or multicast), based on another address which has the BSSID (which designates a single access point; a network name, called a ESSID, can have more than one access point).

"an appeals court's technologically illiterate ruling that WiFi isn't a radio communication, and therefore picking up unencrypted WiFi data, even though it's broadcast for anyone to access, could be a violation of wiretapping laws"

Unless you are exempt from the law, which apparently allows you to do what ever you want. No holds barred. Two sets of rules.

The Wiretap Act imposes both civil and serious criminal penalties for violations and there is a real risk that researchers who intentionally capture payload data transmitted over unencrypted Wi-Fióeven if they don't read the actual communications ómay be found in violation of the law.

So let me get this straight. If the NSA collects communications but doesn't read them, they haven't actually collected anything. But if you're a researcher, then it's a felony?

Re: Re:

Re: Re: Re: Re:

All true if, as you say, a little pedantic. Doesn't change the fact that all WiFi receivers in range receive all packets though, does it?

Many access points, and most client software, captures data based on this traffic to show you what is in the air around you.

Many access points label this information as "site survey" so that they can allow the administrator to chose the least populated channel (which of course, very few administrators realize that there are only three channels which do not interfere with each other: 1, 6, 11, and that choosing 2,3,4,5,7,8,9, or 10 makes you a dick,) and thus allow the administrator to chose channel 3 (because nobody else is on it.)

Most clients will display, as a matter of course, the list of SSIDs they see so that the user can connect to the one they think is theirs. Which is often a lot of fun when you set up an identical SSID as the one they usually use, and then they end up connecting to your access point without authorization! Me loves me some hot "linksys" or "default" SSID action!

Re: translation

And my posts are STILL being held for moderation... don't you get bored of censoring people Mike?
Actually, censorship would be if your posts were deleted altogether, not simply held to check they're not anything like the following: Cheap kobe Shoes I looked at the size and realized it was not going t
New Football Boots Their alertness, agility, and strength make them formidable guard dogs and used as service dogs, guide dogs for the blind, therapy dogs, police dogs in K9 units, and occasionally herding cattle or sheep. After all, censorship is suppression of speech, not waste disposal.